GPS Spoofer with HackRF One and Android Phone - Shockingly easy!

Подписаться 1,7 тыс.

Просмотров 102 тыс.

50% 1

0:15 What is needed for a GNSS spoofing attack
1:36 Config and run gps-sdr-sim
2:45 Live spoofing experiment setup
3:36 Config the GNSS receiver in the U-Center
4:09 Run the spoofer
4:52 Add GPS jammer to block authentic Glonass and Galileo signals.
5:35 Successful spoofing
6:00 Turn off the jammer to see what happens
In this video, we demonstrated how simple and cheap GPS/GNSS spoofing is. It can even be done on protected receivers!
We used HackRF One and Android phone with open-source projects from GitHub, which can undermine your GNSS-dependant critical infrastructure within a radius of hundreds of meters over-the-air.
More about types of GNSS spoofing attacks: gpspatron.com/types-of-gnss-s...
Links:
github.com/osqzss/gps-sdr-sim
cddis.nasa.gov/Data_and_Deriv...
github.com/demantz/hackrf_and...
Music from motionarray.com/

Наука

Опубликовано:

3 июн 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 107

@nivid01 9 месяцев назад

Mate, I got absolutely no idea what you’re doing but you clearly are a very smart dude and ur video was well presented!!!

@vigiland77 3 года назад

Great useful video, great knowledge. I am waiting for more. :D

@blockchainappsandmultimedi5958 3 года назад

Hello, and thank you for sharing this informative video. Will a EVK-M8N work just as well? Also, what is the model of antenna you are using, are there any alternatives to that antenna? Thanks.

@danielforrest3871 2 года назад

Really cool. Thanks.

@Antonio-ms3gb Год назад

Please, Why did you plug the cellphone with a cable in hack RF instead of use the antenna transmitting ?

@user-vl3nv9rg2z 4 года назад

wow! I haven't ever thought, that it is so easy to hack GPS. so many services are in danger.

@p3rrypm 3 месяца назад

Any information on where to get these devices and manuals for how this works?

@TETRADEV 3 года назад

When to wait next video ?

@lblset Год назад

Крутые ребята) нам такие нужны)

@ArchonLicht 4 месяца назад

Залупа тебе а не такие ребята

@admin.ChristianoGaio 2 месяца назад

Eu estava tentando baixar o arquivo e ele não está mais disponivel a versão compilada e eu não sei onde achar ela

@DuanesMind 3 года назад

What is the bandwidth of the frequency? Maybe by increasing the bandwidth you can jam the real GPS signal and make the receiver only detect yours.

@GPSPATRON 3 года назад

That's exactly what I did. Jammer suppressed all signals in the L1 range from 1560 to 1610 MHz

@santiandres333 2 года назад

Hi, nice work! Why is important and challenging to select a "suitable power/distance combination" between the receiver and the spoofer?

@GPSPATRON 2 года назад

Spoofer --> receiver distance is not very important. It is critical to choose the distance between the jammer, spoofer, and receiver. The jammer must block the original GLONASS and Beidou signals. At the same time jammer should not suppress fake spoofer signals.

@IdrusAlhamid-jz9jt Год назад

but why we need jammer if the transmit position of our Hackrf is nearest, so should be the strongest? And you may forgot mentioned about TCXO clock for hackrf as well?

@xNUKEx 2 месяца назад

@@IdrusAlhamid-jz9jt you need to jam the original signals so the receiver will pick up the spoofed ones - think about it like its not a radio because the signal must be confirmed before they are read (like Bluetooth compared to FM radio) - also if you do not jam the original signals, the Spoof protection on the receiver will pick up on the false signals (like how the GLONASS and Beidou were considered "spoofed" signals after the original jamming)

@davideugenioforero9653 2 года назад

Hi I am generating a csv file with ECEF positions using a SPG4 propagator, to simulate an orbit, I am trying to load it into the software it does the whole procedure but the GPS ublox Neo M8T, that I am using does not engage with this file. I am using a Neo 6 GPS and the system does work, what can I do to make it work with the Neo M8T. Thanks David

@GPSPATRON 2 года назад

Hi David. What software do you use for GPS signal simulation? What hardware?

@kintadaatchyutarao3180 3 года назад

I have tried this experiment with PLUTO SDR, when I am testing with GPS Receiver i am not getting Stable Satellite C/N Ratios, can you help me where did i modify to get proper position fix

@GPSPATRON 3 года назад

Two conditions must be met for the receiver to accept your signal: - good TCXO - other constellations invisibility (you should totally block it with a jammer) Take into account that such over-the-air experiments are illegal in most countries.

@user-mj1qz9hr4r Год назад

Файл эферемид, который качается - старый. Поэтому приемник сравнивает время Глонасс и Бейдоу и откидывает данные GPS как невалидные(с Глонасс разница +3 часа) по времени,например параметр TOW. Если транслировать актуальные эферемиды - Глонасс не поможет. Ничего не поможет . Так как все гражданские телефончики планшетики , самокатики - праймари GPS. И кстати U-Blox center почему-то тоже не мяукнул что время от начала GPS недели старое в эферемиде... однако :))))

@arduinosuperuser-hu9tr Год назад

How to constantly posting the spoofed coordinates? In your video,the spoofed coordinates should be transmitted till 5 min,right?? Suppose i want to transmit a spoofed location for longer time say 10 hrs,how to do that??

@GPSPATRON Год назад

Hi there. There are two options here: 1. develop your own app based on GPS-SDR-SIM with real-time IQ streaming capabilities. 2. Use any commercial app.

@arduinosuperuser-hu9tr Год назад

@@GPSPATRON can you please provide any url for tutorial to develop such app.Sounds complicated! Also,please mention some such commercial apps you mentioned….

@GPSPATRON Год назад

@@arduinosuperuser-hu9tr we have own SDR-based solution: gpspatron.com/gp-simulator/ However, it's a bit expensive - from 1.8k a year.

@E.R.B.B 3 года назад

✊🏻✊🏻✊🏻

@Zalupaktor 2 года назад

Спасибо. Всё подробно и понятно.

@GPSPATRON 2 года назад

you are welcom

@GPSPATRON 2 года назад

Do not try this at home :-)

@user-eh3kf7ot6f 2 года назад

@@GPSPATRON Скажите, пожалуйста, есть ли в Вашем HackRF внешний TCX0 и на сколько мощный передаётся сигнал? У меня штырём покрывается вся квартира с полным приёмом.

@GPSPATRON 2 года назад

@@user-eh3kf7ot6f будет работать и на базовом LO. Но чем выше стабильность по частоте, тем лучше будут координаты имитироваться. Меньше будет дисперсия ошибки в плане.

@ciyusmiapah7071 Год назад

yes Hello, thanks 🙏🏻, but if you using HackRf one you need have TCX0 right? did you declare this?

@Nebullaplayz Год назад

Does i cha ge gpa location to anywhere in the world?

@Sfgvghb-xv2gq 9 месяцев назад

Great video , but I need your help. Last week I do spoofing, and it’s work fine with iPhone. But currently unfortunately it is doesn’t work for iPhone. Currently it is work only for android device. What can I do for improve spoofing?

@xNUKEx 2 месяца назад

im not sure this will help your problem (I'm not as smart as this person) but after changing the geolocation on the iPhone you must reset the phone so it can be spoofed again. Basically after spoofing the phone, you must reset it because any further signals received after you stopped the spoofing will not be read until the Iphone is reset (reset as in hard power off)

@t1g7r21 3 года назад

actually in my practice when i used in open area gps-sdr-sim its dosen't works so simply because after gps cold start when they download ephemeris data. for security ECM i think have alot ECM for protection against spoofing.

@GPSPATRON 3 года назад

It all depends on the algorithms used in the GNSS receiver. This video shows an asynchronous attack ( non-coherent). When the receiver is already locked on real signals, the non-coherent signal is perceived as noise. For an attack to succeed, it is very important to suppress all original signals GPS, GLONASS, Beidou, Galileo. When the receivers lose the signal, there are two algorithms of action: 1. go to search mode. In this case, the receiver will successfully find and lock on the fake signals. 2. wait for the signal to return to its previous codephase-doppler zone. Such receivers can be spoofed only by a coherent attack.

@t1g7r21 3 года назад

@@GPSPATRON your solution based on spatial processing methods for GPS spoofing detection and mitigation?

@t1g7r21 3 года назад

i mean protection.

@GPSPATRON 3 года назад

@@t1g7r21 Yes, you are right. We use several GNSS antennas to analyze spatial parameters of GNSS signals. It's needed to detect a sophisticated coherent spoofing attack. Watch our videos about spoofing attack scenarios: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-5Mw-NKy1BOM.html

@JA-yy6bd 3 года назад

Yes more and also how to detect car tracker on vehicles.

@GPSPATRON 3 года назад

This is impossible to do. The GNSS receiver does not emit any signals and therefore cannot be detected. You can simply block GNSS signals with a jammer. Or you can change the coordinates with a spoofer.

@JA-yy6bd 3 года назад

GPSPATRON so spoofer Signals I need RF one and what else ? Thanks for replying, great video and information.

@GPSPATRON 3 года назад

@@JA-yy6bd To conduct a live-sky experiment you just need HackRF One with antenna, GNSS jammer, and mobile phone or laptop.

@GPSPATRON 3 года назад

but such an experiment may violate your local law. It is forbidden to generate radio signals in this frequency band. It is better to conduct a study with cables as in our video.

@JA-yy6bd 3 года назад

GPSPATRON thanks for your help I really appreciate information and knowledge. Looking forward to more video from you.

@NicksStuff Год назад

Could you broadcast an RF signal and actually show Google maps being spoofed?

@maximbarodzka2670 Год назад

Nick, be careful with this kind of activity. It is illegal in most countries. I mean to broadcast such signals

@superbcutter16 3 года назад

can we use RTL SDR instead of the HackRF One?

@GPSPATRON 3 года назад

RTL SDR is just a receiver. You need a transmitter.

@superbcutter16 3 года назад

@@GPSPATRON what about USRP?

@GPSPATRON 3 года назад

@@superbcutter16 Ettus Research USRP will definitely work.

@superbcutter16 3 года назад

Thank you so much

@GPSPATRON 3 года назад

@@superbcutter16 Please keep in mind that generating signals in GNSS bands may not be legal in your region. The purpose of this channel is to show how unprotected GNSS receivers are against such threats.

@zainulimtiaz7278 2 года назад

I m writing a thesis on spoofing attacks in autonomous vehicles, can anyone here guide me about where to start and how I can make it easy for me?. I have to first spoof the receiver of autonomous vehicles and then propose a mitigation technique. How much these devices cost and can I use them with autonomous vehicles?

@GPSPATRON 2 года назад

Check out this playlist: ru-vid.com/group/PLLKqXsMeT96wCXglr4ILmBP6oF5a9TDiG You will find many interesting videos

@GPSPATRON 2 года назад

Check out the articles on our blog. We publish our research on spoofing there. Maybe it will help you. For example, an article about types of spoofing attacks: gpspatron.com/types-of-gnss-spoofing/

@Antonio-ms3gb Год назад

Hy Zain, i'm writing a thesis that seems your. But mine is about GNSS . Did you finish yours ? We can change informations ....

@moesizzlik5545 10 месяцев назад

is there any practical use for gps spoofing? Only thing that comes to mind is cheating in gps games like ingress or pokemon..beside that..any good use? I tested this with portapack h2+, worked on an old samsung phone, didnt work on my redmi phone unless i turn of internet and it confused my smartwatch so it got no connection..like a jammer. Fun for a minute but i dont see any practical use. Is it just just a "lets see if we can" thing?

@GPSPATRON 10 месяцев назад

This is just a demonstration that GNSS spoofing has become very affordable and easy. Attackers will always find a purpose if critical infrastructure is not protected

@jamesodgers4451 3 месяца назад

In Australia the 7-11 fuel company allows you to lock in a fuel price based on your location for 7 days (so you can travel and still have the cheap fuel) so there is one use - though you would need to use it a lot to pay for the hardware!

@Y_B099 3 года назад

Hi Sir, thank you for the video. Can you explain me the purpose of this practice ? I can’t understand this video ...

@GPSPATRON 3 года назад

Hi Yacine, The purpose of this video is to show the vulnerability of the GNSS receiver to spoofing. GNSS spoofing has become a huge issue for precise navigation, time synchronization.

@Y_B099 3 года назад

@@GPSPATRON thank you for answering sir ! Another question : can you make a video on how to spoof a key with keyfobbing ? Like the video of a mercedes that were stolen with 2 persons, one with a radio, another with a PC

@GPSPATRON 3 года назад

@@Y_B099 Sorry dude, but we only work with GNSS.

@MrDenisJoshua Год назад

How much time aprox. a dovnloaded file wil work please ? Thanks for the video

@GPSPATRON Год назад

It depends on the settings you used when generating the IQ data file. In the example from the video the duration is 10 minutes, if I'm not mistaken

@MrDenisJoshua Год назад

@@GPSPATRON So I can use a parameter to tell to the software to make a file for some weeks please ? Thanks again

@GPSPATRON Год назад

@@MrDenisJoshua It is better to use another application that generates and sends IQ data at the same time. You can find it on github. Be aware that transmitting an RF signal over-the-air in the GNSS bands is prohibited in most countries.

@MrDenisJoshua Год назад

@@GPSPATRON Thanks a lot again... do you have the name of this soft please ? I'll use only on a place underground... I just must tell to the mobile that I'm home :-)

@GPSPATRON Год назад

@@MrDenisJoshua you check this one github.com/Mictronics/multi-sdr-gps-sim

@sadanandchauhan7520 2 года назад

can we spoof GPS signals in India as well just as easily as you demonstarted in this video? so i need your help in making a Proj for my Mtch degree. ready to pay for it as well. waiting for your reply in anticipation.

@GPSPATRON 2 года назад

Hi Sadanand, What do you think about the small joint research? We support various educational programs. Please fill out the feedback form on our website and we will definitely get back to you.

@VornameNachname86 3 года назад

yeah it surely is a stretch to call that "shockingly easy"

@moosehead4497 Год назад

Anything you can do with a credit card an internet connection, and an ability to follow simple directions, is shockingly easy. Especially considering the damage which could be caused

@JulioAbel90 2 года назад

Is this detectable by uber driver?

@nobodynoone2500 11 месяцев назад

You holding a big strange glowing box with an antenna sticking out and yourself laughing maniacally and wearing a gopro will most likely give it away when the gps starts acting weird.

@GPSPATRON 3 года назад

Read our article in which we investigate the work of the anti-spoofing algorithms gpspatron.com/ublox-m8t-gps-spoofing-test/

@jbvhkgh5564 Год назад

Is it's now the same day's broadcast file, will it not work?

@Belsky1973 4 года назад

understood nothing but cool

@Eric-the-wise 3 года назад

Shouldve stayed in school

@careprost-ukraine8865 3 года назад

))

@satpalraiofficial Год назад

Hello sir can you send the stepwise procedure of this

@GPSPATRON Год назад

Hi, we do not have it. However, you can check this article instead: gpspatron.com/spoofing-a-multi-band-rtk-gnss-receiver-with-hackrf-one-and-gnss-jammer/

@paulfrancis8836 2 года назад

no suck exe for windows.

@fantomas2333353 3 года назад

Зачем так язык мучить? 🤔🤔🤔

@GPSPATRON 3 года назад

если бы в России наш проект был бы нужен хоть кому-то, говорил бы на русском :-)

@isitreal369 2 года назад

can you do that for mulitple ip address?

@george5120 2 года назад

Anybody with a heavy foreign accent like this guy should not be making himself even more difficult to understand with that background music.

@JA-yy6bd 3 года назад

Put price of items in discerption.

@GPSPATRON 3 года назад

www.sparkfun.com/products/13001 HackRF One - $299 Jammer - $20

@PeterFerris Год назад

@@GPSPATRON Which jammer is $20? I noticed the following prices: Great Scott Gadgets HackRF One - Software Defined Radio $340.00 EVK-M8T $260.00 And nobody seems to have them in stock at present. Instructive video though.

@nobodynoone2500 11 месяцев назад

@@PeterFerris The guy that hangs with the 40 theives knows where to get em cheap, but quality varies, and you'd better be careful that it's only powerful enough for local interference or the fcc will bring the high-caliber fine gun.

@chuykinru 2 года назад

Ну вот что на русском языке было не сделать...

@GPSPATRON 2 года назад

Этот ролик нужен, чтобы показать на сколько ГНСС спуфинг стал доступным. Мы это делаем для продвижения нашей системы защиты от спуфинга. Мы бы с удовольствием делали видосы на русском, если в России был спрос на нашу систему. Так что сорри.

@lblset Год назад

@@GPSPATRON мне кажется, время спроса пришло))